
Service running?

I checked the netstat command on my personal PC and observed that it is establishing a connection to a foreign address, 88.208.250.70:443 (note that this is the only connection established; no other services are connecting to the Internet). I started my investigation to gather more information about the IP using nmap, whois and wireshark. I came to know that the IP is hosted in the UK for FastHost UK Network.

My concern is why my PC is connected to the above IP and what kind of service is exchanged. I ran wireshark to analyze the traffic and observed that my PC first sends a SYN request. A complete 3-way handshake completes and an SSL connection is established. The info given by wireshark is Continuation Data. I didn't get any more details.

On the firewall I created a rule to block the inbound and outbound connection.

My question: since my PC is starting the connection, how do I find out which service or software is running it, in order to delete it or kill it?
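One way to answer the question above, as an added example that is not part of the original thread: map the established connection to its owning process and to any Windows service hosted in that process. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell prompt; the default address is the one from the post, and the parameter names are chosen here for illustration.

```powershell
# Added example: find which process and service own an outbound TCP connection.
# Parameter names are illustrative; the default address comes from the post.
param(
    [string]$RemoteAddress = '88.208.250.70',
    [int]$RemotePort = 443,
    [int]$WaitSeconds = 60      # keep polling, the connection may be intermittent
)

$deadline = (Get-Date).AddSeconds($WaitSeconds)
do {
    $connections = Get-NetTCPConnection -State Established `
        -RemoteAddress $RemoteAddress -RemotePort $RemotePort `
        -ErrorAction SilentlyContinue
    if (-not $connections) { Start-Sleep -Seconds 1 }
} while (-not $connections -and (Get-Date) -lt $deadline)

if (-not $connections) {
    Write-Output "No established connection to ${RemoteAddress}:${RemotePort} seen."
    return
}

foreach ($conn in $connections) {
    $procId   = $conn.OwningProcess
    # Win32_Process gives the image path, command line and parent PID.
    $proc     = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
    # Any services running inside that process (empty for a plain program).
    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"
    # An unsigned binary under Program Files deserves a closer look.
    $sigStatus = if ($proc.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
    } else { 'PathUnavailable' }

    [pscustomobject]@{
        LocalEndpoint  = "$($conn.LocalAddress):$($conn.LocalPort)"
        RemoteEndpoint = "$($conn.RemoteAddress):$($conn.RemotePort)"
        ProcessId      = $procId
        ProcessName    = $proc.Name
        ExecutablePath = $proc.ExecutablePath
        CommandLine    = $proc.CommandLine
        ParentPid      = $proc.ParentProcessId
        Signature      = $sigStatus
        ServiceNames   = ($services.Name -join ', ')
        ServiceBinary  = ($services.PathName -join '; ')
        ServiceStart   = ($services.StartMode -join ', ')
    }
}
```

On older systems, netstat -ano prints the owning PID in its last column, and tasklist /svc lists the services hosted in each PID.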

I find it hard to imagine McCocolo as pure as the driven snow, but......................sort of reminds me of SCO

So, the question is, does the connection always go to that IP address?........ if it is fixed please let me know, as I am based in the UK

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

I detected the service. The name of the service is servlnks.exe and it is installed under this directory: C:\Program Files\Windows SSL Transport. Another file is named Start.ini; the content of the file is as follows:

site=megabandwidth.ibypass.co.uk
user=Premium

Another batch file has the following lines:

net stop servlnks
net start servlnks

Does anybody know about ibypass? Our ISP is blocking the site.

I wonder how the folder got installed on my PC; I don't recall installing any proxy server. Anyhow, I solved the problem, and thanks everybody for the support.

It is a proxy server and appears to have been taken down at the moment, so it might not be your ISP blocking it, perhaps they just can't connect?

i wonder how the folder installed in my PC

Some torrent or other download sites are not quite what they seem...........warez sites are certainly to be avoided
